The following information is a guideline to variousespionage threats; the recommendations on)-.!/01102345!34/06789304!3:!8!5;330485.!9-6.89:[email protected]<89304:!04!)-.!/01102345!34/06789304!3:!8!5;30;:!.:>30485.!9-6.89:[email protected]<89304:!04!how tos " # Team-02!90!start:9869! up;>! a8! !)A"B!).87!linked134C.90!Training)6834345! Courses"0;6:.:! for/06! all811!different<3//.6.49! user;:.6! levels,1.=.1:D! and84recommendations for products that have proven their reliability & competence, and which are[email protected]<89304:!/06!>[email protected]>[email protected]!84used by various government sweep teams around the world.;:.!9.87:!860;4!

!&:!/14.12.!6/!/5.7862A!C1>;!879519/=!C1>!B21&:!/14.12.!6/!/5.7862A!C1>;!879519/=!C1>!B21-1If someone is stealing your laptops, you know; however,if someone is analyzing the strategy723!:7D;60!1:!C1>;!1;A726E75612!C1>!47C!215!5;>8C!B21<=!.?.2!6:!C1>!47C!/>/[email protected]!&2!/-1;5=!-1and fabric of your organization you may not truly know, even if you may suspect. In short, how31!C1>!B21!7;.!81/62A!/5;75.A60788C!/31!C1>!B21!7;.!81/62A!/5;75.A60788C!/.2/656?.!62:1;475612!5-;1>A-!72!62?6/6D8.!4.36>4P!.2/656?.!62:1;475612!5-;1>A-!72!62?6/6D8.!4.36>4P!do you know if you are losing strategically sensitiveinformation through an invisible medium?)-6/!6/!a7!dilemma368.447!faced:70.3! byDC! many.[email protected]!Consequently,"12/.F>.258C=! i65!65t! is6/! considerably012/63.;7D8C! more41;.! difficult36::60>85! to51! defend3.:.23!This is7A762/5!5-6/!:1;4!1:!5-;.75!5-72!51!62/[email protected]!against this form of threat than to instigate it.!/0&,10,2,340&,0$,5%41,0-(,%5,2,)6,),()$*#(7,How do I know or find out if I am a target?*//>4.!5-75!C1>!7;[email protected]!*/!78;.73C!36/0>//.3!C1>!47C!D.!57;A.5.3!62!36::.;.25!<7C/@!&5!<1>83!D.!Assume that you are. As already discussed you may be targeted in different ways. It would be7a!47Q1;!>23.;57B62A!51!012/57258C!412651;!723!62?./56A75.!788!4.5-13181A6./=!723!9;1D7D8C!128C!7!47Q1;!>23.;57B62A!51!012/57258C!412651;!723!62?./56A75.!788!4.5-13181A6./=!723!9;1D7D8C!128C!major undertaking to constantly monitor and investigate all methodologies, and probably only<7;;725.3!62!exceptional.J0.9561278!circumstances.06;0>4/5720./@! However,! K1K1<1>83! beD.! safe/7:.! to51! say/7C! that5-75! 6:!C1>! are7;.!warranted int wouldif youD.62A!57;A.5.3=!C1>!-7?.!D..2!1;!7;.!7841/5!0.;57628C!D.62A!D>[email protected]!!"12/.F>.258C=!7!/being targeted, you have been or are almost certainly being bugged. Consequently, a sweep1:!/.2/656?.!7;.7/!723!9-12.!862./!<1>83!D.!5-.!41/5!.::606.25=!01/5!.::.056?.!723!799;19;675.!of sensitive areas and phone lines would be the most efficient, cost effective and appropriate<7C!:1;<7;[email protected]!!way forward.!**!/472C! view?6.7/! a7!standard/57237;3!service,/.;?60.=!alongside7812A/63.! office1::60.!cleaning08.7262A! and723!fire/access:6;.R700.//!A!sweep,/C/5.4!47625.2720.=!072!D.!0123>05.3!75!72C!564.=!.65-.;!75!26A-5=!3>;62A!7!/.2/656?.!62S-1>/.!system maintenance, can be conducted at any time, either at night, during a sensitive in-house1;!1::S/65.!meeting4..562A!in62!cars07;/! or1;! even.?.2!airplanes.76;9872./@!This)-6/! provides)-6/!9;1?63./! either.65-.;! immediate644.3675.! reassurance;.7//>;720.! 1;!or off-siteor572A6D8.!.?63.20.!1:!./[email protected]!tangible evidence of espionage activity.

CONFIDENTIAL"#$%&'($)&*+!!"#$%&'($)&*+!

2

,

elaman

!

Overview!"#$"%#&

StrategicSecurityOverview'($)(#*%+,'#+-$%(.,!"#$"%#&*%+,'#+-$%(%+,'#+-$%(%+,'#+-$%(..,!"#$"%#&'($)(#'($)(#*What do I do if I am being bugged?/0)(,12,3,12,%4,3,)5,6#%7*,6-**#18,First, teH no one. Assemble a trusted ! s " # management team.%-./01!0233!45!5426!*//27832!9!0.:/02;!)27240!02976!!!

!()*+&,$-*./.$Typical Risks0%1&2*3&'*42&,$5*.'&/#.$• Organizationalmistakes62+42'%4,,#7$&++#..$'4$89:;$'#.'*)5#2'$4?$'"#$.#%@*+#$62+42'%4,,#7$&++#..$'4$89:;$'#.'*)5#2'$4?$'"#$.#%@*+#$• Uncontrolledaccess to I D N test-equipmentof the servicestaff.'&??$• U6.*21$'"#$5#54%($4?$?&A$5&+"*2#.$B*'"4>'$)#%*47*+&,$s i n g the memory of fax machines without periodical+"#+/*21$'"#$.'4%#7$2>5C#%.$checking the stored numbers

Typical Risks!()*+&,$-*./.$!#+"0*+&,$1#&/$)2*0'.$• Technicalweak points• Digitalphones with hands-free-answer-back in critical3*4*'&,$)"20#.$1*'"$"&05.67%##6&0.1#%68&+/$*0$+%*'*+&,$rooms (e.g. of board members)%229.$:#;4;$27$82&%5$9#98#%.• Telephones(as well as analog) in conference rooms!#,#)"20#.$:&.$1#,,$&.$&0&,24• U=.*04$+2%5,#..$)"20#.$:#.)#+*&,,($27$72%9#%$4#0#%&'*20$s i n g cordless phones (especially of former generationwhich can easily be monitored)1"*+"$+&0$#&.*,($8#$920*'2%#5!()*+&,$-*./.$

H)563737>!07!.F934/.72!67?!916>.!26D37>!3720!:0713?.562307!2-.!.7?HH-)563737>!07!.F934/.72!67?!916>.!26D37>!3720!:0713?.562307!2-.!.7?HTraining on equipment and usage taking into consideration the end- !user'sconditions91.5T1!:07?323071!

/

HS.E3.=!08!/676>./.72!67?!:005?3762307!2.:-73F9.1!H-S.E3.=!08!/676>./.72!67?!:005?3762307!2.:-73F9.1!Review of management and coordination techniques

For in-country sweep teams, including portable cases and vehicles9,1%'.:+,2.)1;%("##$%)#4-(5#%+4(#(%4./%7#?'+5#(%This equipment is instaHed in portable casing, @-.=-!=75!07/.8A!<0!4:B09!C;:4!387=0!6:!387=0!which can easily be moved from place to place)-./!012.34056!./!.5/678809!.5!3:;67<80!=7/.5>[email protected]=-!=75!07/.8A!<0!4:B09!C;:4!387=0!6:!387=0!)-./!012.34056!./!.5/678809!.5!3:;67<80!=7/.5>?!!

• A*!>48130/!4picture is taken first, then unit is withdrawn so the image can be looked at before the-;;48/0!/71/068/!!officer enters the confined space%40/60B/0614-7Firearms teams have successfully been using this unit during recent exercises and operations.

PATENTED THREAT LOCATING SYSTEM?B,)/2!.0<2><23!Threat)/:20+450E! System7=1<2?! uses8121! sonic14>K5! ranging:0>EK>E! and0>3! triangulation[email protected]! t<4!@450<2! the2!The Patentedo locate1?K<<2:!?K5:49/4>2-!transmitter microphone.!"#$%&'()*()+%$,$()-%.'*%/*0,%1)%2$)+%#3%'*%'2+#/%$#4*'0%.'*%1)%+)-/+20'()+%5#("%(")%67869:%This patented system can only be used if an audio signal can be demodulated with the OSCOR.%

thecryptocryptomode,mode,youryourTopsecGSMt&s'phonephoneInIntheTopSecandthethecalledcalledTopSecTopsecstationstationautomaticallyautomaticallyandagreeononaanewnew128-bit128 key for each call. Theagree128 key is randomly determined out of128-bit381010possibilities and erased after the calliissterminated.terminated.

I

Dial theof thethe desiredDialthe numbernumber ofdesired subscribersubscriberand briefly press the crypto softkey belowthe display to switch to the crypto mode.hC"Crypto"is indicated in the display toconfirm the encryptionencryptionmodemode asas well asas aa4-digit control code (see figure). In the44-digitcase of closed subscriber groups, autocaseautomatic authentication is performed byby apublic key procedure.Thusyou can be sure that youryour communiThuscommuni-cation is encrypted and that nobodynobody caneavesdrop youreavesdropyour call.

9;8\77.X!H=!B>!:5!G9;8\77.X!H=!B>!:5!GD=16!9;8\77DX!H=!B>!77!GD=16!9;8\77JX!D=16!9;8\77DX!H=!B>!77!GD=16!9;8\77JX!802.hl$: up to 54 !%&!%&5, 802.11b: up to 11 Mbps, 802.11g:H=!B>!:5!GD=1!!up to 54 Mbps

One of the essential tools used within a cable 6&?7&16&sweep is the Cable Amplifier System. It is89$&"2&7:$&$66$971,%&7""%6&;6$#&<17:19&,&=,-%$&6&?7&16&89$&"2&7:$&$66$971,%&7""%6&;6$#&<17:19&,&=,-%$&necessary to use an amplifier to detect hardwiredmicrophones, insert voltage into a line9$=$66,35&7"&;6$&,9&,/0%121$3&7"$7$=7&:,3#<139$=$66,35&7"&;6$&,9&,/0%121$3&7"$7$=7&:,3#<13$#&/1=3"0:"[email protected]&196$37&A"%7,B$&197"&,&%19$&$#&/1=3"0:"[email protected]&196$37&A"%7,B$&197"&,&%19$&to power a hidden microphone and to record the voltage present on the line.7"&0"&&

BOGUSCELLBOGUSCELL DETECTION=4*>+&<6??&,6:[email protected][email protected]:[email protected][email protected][email protected][email protected]=By being aware of the transmitted system information on the control channels of legitimate cell[email protected]!8-.!32.3E!8-.!/01!)[email protected]!8=!sites within the area, the G5! Tracer is able to recognize bogus cell sites that are attempting to95954!658.! forF=2! its586! own[email protected]!purposes.>?2>=6.6D!Once#@4.! the8-.! G5/01!2.4.5;.2! has-36! latched<384-.:! onto[email protected]=! these8-.6.!mimic a3!legitimate! receiverB=C?6!4.<bogus cell transmissions, it then decodes the transmissions, giving the user information such as832C.8!&10&D!!target 1!51.!)-.!/01!2.4.5;.2!-36!8-.!3B5<587!8=!>[email protected][email protected]!B36.:[email protected][email protected]=2!<5686!2.3:!F2=9!8-.!The G5! receiver has the ability to perform its own scans based on neighbor lists read from the=;.2-.3:[email protected][email protected]!4.<<6D!!overhead of the genuine cells.

LOGGING OF SURROUNDING MOBILES5;**:8*&;:57+&&):4!GHI!)6.>46!>.-!=<654E!.-!.64.!B60/!.!/[email protected]/8!=<>:!.=!.!>.6F!):4!30;=!9233!14!7:4!):4!GHI!)6.>46!>.-!=<654E!.-!.64.!B60/!.!/01234!@3.7B06/8!=<>:!.=!.!>.6F!):4!30;=!9233!14!7:4!The G ! Tracer can survey an area from a mobile platform,such as a car. The logs will be the=2;-.3!=764-;7:!0B!=<66046!927:[email protected]=2720-!2-B06/.720-!B60/!signal strength of surrounding Cells as seen by the G ! Tracer with position information from.-!.77.>:4D!GPH!64>42546F!Q:4-!7:4!GHI!)6.>46!2=!3.746!30>[email protected]=2720-!27!>.-!an attached CPSreceiver. When the G ! Tracer is later located at its stationary position it canD4>0D4!/4.=<64/[email protected]=!B60/!/01234=!2-!7D4>0D4!/4.=<64/[email protected]=!B60/!/01234=!2-!7:4!2//4D2.74!.64.F!):4=4!/4.=<64/[email protected]=!:4!2//4D2.74!.64.F!):4=4!/4.=<64/[email protected]=!decode measurement reports from mobiles in theimmediate area. These measurement reports>.-!14!matched/.7>:4D!with927:!the7:4!survey=<654E! logs30;=!giving;252-;! the7:4! position@0=2720-! of0B! the7:4! mobiles./01234=F!The):4! mobiles/01234=! will9233! be14!can be2D4-72B24D!1E!7:426!)IH&F!):4!=<654E!64=<37=!.64!=7064D!2-!=<>:!.!9.E!.=!70!14!.134!70!14!64.D!1E!identified by their TMsI. The survey results are stored in such a way as to be able to be read by/[email protected]@2-;[email protected];6./=F!!mapping programs.

USER INTERFACE=+76&:8976<4A7&&):4!GHI!)6.>46!2=!.5.23.134!927:!.-!4/14DD4D!=2-;34!10.6D!>0/@<746F!"0--4>720-!0B!.!=>644-8!):4!GHI!)6.>46!2=!.5.23.134!927:!.-!4/14DD4D!=2-;34!10.6D!>0/@<746F!"0--4>720-!0B!.!=>644-8!The G ! Tracer is available with an embedded singleboard computer. Connection of a screen,R4E10.6D!.-D!mouse/0<=4! will9233! be14!needed-44D4D! to70! set=47! up7:4! alarm.3.6/! parameters.@.6./4746=F!Alternatively*3746-.72543E! the7:4! GHI!keyboard andG!)6.>46!>.-!14!D6254-!D264>73E!B60/!.-!.77.>:[email protected]@!P"!52.!7:[email protected]!):[email protected];!=E=74/!Tracer can be driven directly from an attached laptop PC via the u s # port. The operating system<=4D!2=!Q2-D09=!UP8!9:2>:!:.=!7:4!B.>2327E!B06!VW4/074!'[email protected]?8!9:464!52.!.!KP$!>0--4>720-8!used is Windows XP, which has the facility for 'Remote Desktop', where via a VPN connection,7:[email protected]!0B!7:4!GHI!)6.>46!>.-!14!>0-760334D!B60/!.!64/074!P"F!!the operation of the G ! Tracer can be controlled from a remote PC.

The Channel! Tracer)-.!"-3==.;! List+:57! window9:=A<9! contains4<=73:=5! a3! list;:57! of<>! all3;;! the7-.! broadcastC2<3A4357! channels4-3==.;5! that7-37! G5/01!)234.2! has-35!A:54<2837:<=!:7!-35!F3:=.A!>2<8!7-.5.!4-3==.;5E!discovered, while it has been scanning, and any information it has gained from these channels.There are ten values for each channel in the list:)-.2.!32.!7.=!I3;B.5!><2!.34-!4-3==.;!:=!7-.!;:57G!•••

!

•••••••

*L%"$!N!)-.!355:F=.A!4-3==.;!=B8C.2!ARFCN— The assigned channel number$.79<2?!N!)-.!=38.!<>!7-.!=.79<2?!Network—The name of the network operating the cell serviced by this channel1$"!N!)-.!1!7-.!=.79<2?!B;!:>!/01!)234.2!AM N C — The Mobile Network Code of the network operator (useful if G5! Tracer does not?=<9!7-.!=38.!<>!7-.!know the name of the operator)PT<9.2!+.I.;!N!)-.!;357!H<9.2!;.I.;!A.7.47.A!><2!7-:5!4-3==.;!o w e r Level —The last power level detected for this channel":H-.2:=F!N!)-.!76H.!<>!4:H-.2:=F!C.:[email protected]=?=<9=O!*PQRO!*PQS!<2!=<=.D!":H-.2:=F!N!)-.!76H.!<>!4:H-.2:=F!C.:[email protected]=?=<9=O!*PQRO!*PQS!<2!=<=.D!Ciphering — The type of ciphering beingused (unknown, A5/1, A5/2 or none)L+357!*47:I.!N!)-.!;357!7:8.!7-.!4-3==.;!935!A.7.47.A!5.=A:=F!C2<3A4357!:=><2837:<=!a s t Active — The last time the channel was detected sending broadcast information(8H76!T3F:=F!N!)-.!H.24.=73F.!<>!.8H76!H3F:=F!8.553F.5!5..=!<=!7-.!4-3==.;!6!H3F:=F!8.553F.5!5..=!<=!7-.!4-3==.;!E(8H76!T3F:=F!N!)-.!H.24.=73F.!<>!.8H76!H3F:=F!8.553F.5!5..=!<=!7-.!4-3==.;!m p t y Paging — The percentage of emptypaging messages seen on the channel"-3==.;!)6H.!N!)-.!76H.!<>!4-3==.;!C.:[email protected]&UO!UO!<2!U&D!Channel Type —The type of channel being used (IV, V, or VI)V!7-.!4-3==.;!B5.5!-<2!A.A:437.A!4-3==.;5!Hopping— If the channel uses hopping for dedicated channels&=A:I:AB3;!0.77:=F5!N!&>!7-.2.!32.!:=A:I:AB3;!5.77:=F5!><2!3;.275!3CIndividual Settings — If there are individual settings for alerts about this channel

AIEFITS45678+&)-./.!0/.!0!1234./!56!.7.189!8-08!:;<[email protected]!)/0A./!0)-./.!0/.!0!1234./!56!.7.189!8-08!:;<>[email protected]!)/0A./!0There are a number of events that will trigger the G5! Tracer alerts, all of the parameters can4.!9.8B!01D!8-.!A5//.9C51D;1=!/.C5/8;1=!A01!4.!9.be set, and the corresponding reporting can be selected.

!#1!8-.!On the left side of the dialog there is a list of all the events8-08!A01!occur5AA2/! while:-;>[email protected]!)/0A./! is;9!scanning.9A011;1=E!For%5/! each.0A-! of56!that can! Tracerthe events there are two selection boxes. The left hand box8-.!.7.189!8-./.!0/.!8:5!9.9.89!8-.!<5=!sets the log level of the event, this will display the event in8-.!M*the 'Alert' or 'Info' display.!

&-!./!0!123324!567.68!-90-!077!:2-64-.07!0--01;/!0<6!50/6=!0<2>4=!<632-6!0116//!04=!46-?2It is a common belief that all potential attacks are based around remote access and networks.)9./!./!80-9!04=!/236!28!-96!32/)9./!./!80-9!04=!/236!28!-96!32/-!76-907!0--01;/!0<6!1233.--6=!0-!-96!123:>-6This is far from the truth and some of the most!76-907!0--01;/!0<6!1233.--6=!0-!-96!123:>-6lethal attacks are committed at the computer.A646<077BC!123:>-6<0-.24/!0<6!E6<6!04=!:<2E.=6!60/6!28!>/6!82Generally, computer hardware and configurations are very secure and provide ease of use for-96!>/6D6!0<60!28!?60;46//!.4!?90-!12>7=!56!0!E6/!/B/[email protected]!!the user. This is a huge area of weakness in what could be a very security conscious system.A.E.4D!04!attacker0--01;6FG! seconds/6124=/! o28!0116//! t-2!123:>-6104! result<6/>7-! in.4! masses30//6/! o28!/61><6!Giving anf accesso a0! computerf secure.482<30-.24!56.4D!D0.46=!?.-92>-!-96!>/6;[email protected]!)9./!?2>7=!07/2!56!-96!.=607!-.36!.4!information being gained without the user's knowledge. This would also be the ideal time in?9.19!-2!:-><6C!32<6!76-907!0--01;/!!which to prime the machine for future, more lethal attacksIB!;42?.4D!how92?! these-96/6!attacks0--01;/!take-0;6!place:7016! it.-! is./!possible:2//.576! to-2! introduce.4-<2=>16! preventative:<6E64-0-.E6! action01-.24! and04=!By knowing/61><6!077!0<60/!28!:2-64-.07!?60;46//@!secure all areas of potential weakness.!

VoIP AttacksVoice over Internet Protocol is becoming very popular due to the ease of mass installation andlow cost. It is a very effective means of communication but also a potential hole in securesystem. By sitting on the network, or leaving a small device monitoring the network, aneavesdropper is able to record all conversations as well as extract usernames and passwords.By being able to identify this weakness it is possible to provide measures to ensure a systemis safeguarded.

The IT ! s " # course is intended to provide participantswith the necessary knowledge to help)-.!&)!)/"0!12345.!65!678.79.9!82!:42;69.!:<48616:<785!=68-!8-.!7.1.55<4>[email protected][email protected]:!)-.!&)!)/"0!12345.!65!678.79.9!82!:42;69.!:<48616:<785!=68-!8-.!7.1.55<4>[email protected][email protected]:!install countermeasures and proactive procedures within an IT Environment.6758!D68-!B6E834.! of2F! theory8-.24>!and<79!hands-on-<795G27!practice:4<1861.!:4<1861.!.! the8-.! participants:<48616:<785! will[email protected]@! beH.! shown5-2=7! the8-.! common12BB27!With a<88<1?5!67!&)!<79I!6F!:[email protected]!-2=!82!5attacks in IT and, if possible, how to safeguard against them.!J>!8-.!.79!2F!8-.!12345.!8-.!:<48616:<[email protected]@!H.!By the end of the course the participants will be able to:!

!0.8-295!:42<186;.! protection:428.18627! and<79!penetration:.7.84<8627! testing8.5867A! will[email protected]@! bH.!8<3A-8I! including[email protected]! UserS5.4!Methods i 67!n proactivee taught,*38-.7861<8627!0.8-295I!(714>:8627I!T<49=<4T<49=<4.!..!!O428.18627!<5![email protected]@!<5!:4<1861-<795G27!Authentication Methods, Encryption, Hardware Protection a s well a s practical hands-on9.:@2>B.78!2F!8-.!5>58.B5C!deployment of the systems.!)[email protected]<88.4!:<48!2F!8-.!12345.!65!<6B.9!<8!)/"0!O4293185!H.67A!35.9!.FF.186;[email protected]>[email protected]!2F!&)!The latter part of the course is aimed at $5%& Products being used effectively in the field of IT!!